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3, FOXACID injects a FOXACJD urt 
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7, If the browser is exploitable 
and the psp is safe, foxacid 
deploys a Stage 1 implant back 
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QUANTUM Capabilities - NSA 

(TS//SI//REL) NSA QUANTUM has the greatest success against <yahoo>, <facebook> 1 
and Static IP Addresses. New QUANTUM realms are often changing, so check the GO 
quantum wiki page or the QUANTUM SpySpaee page to get more up-to-date news, 

NSA QUANTUM is capable of targeting the following realms: 
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• IPv4_public 


* mailruMrcu 
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• alibabaForumUser • msnMailToken64 
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• doubleclickID 


• qq 
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• emailAddr 


• facebook 
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* rocketmai! 


• simbarUuid 
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• twitter 
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• hotmaiiClD 
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• youTube 
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• msnMailToken64 • WatcherlD 
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QUANTUMTHEORY - GCHQ 

If a Partnering Agreement Form { PAF) is set up with GCHQ for 
the CNO project, then the R&T Analyst can utilize GCHQ 
QUANTUMTHEORY to include additional capabilities such as: 

• • ALIBABA • AOL 

• * BEBO_EMAIl • DOUBLECLICK 

• • FACEBOOK CUSER * GOOGLEPREFID 

• • GMAIL • HI5 

• • HOTMAIL * LINKEDIN 

• • MAILRU • MICROSOFT_MUID 

• * MICROSOFT_ANONA • RAMBLER 

• • RADIUS • SIMBAR 

• • TWITTER • YAHOO_B 

• • YAHOO_L/Y * YANDEX_EMA1L 

••YOUTUBE -IP Address 

More information on; https://wiki.gchq/ «/QUANTUM_BISCUIT 



If you cannot get to the link try: http:// 




TOP SE CR ET//COM I NT//R EL TO U S A , FVEY 15 

SPIEGEL ONLINE 



TOP SECRET//COM1NT//MR 



VALIDATOR 

VALIDATOR is a part of a backdoor access system under the FOXAC1D project. The 
VALIDATOR is a cl ien t/server- based system that provides unique backdoor access to 
personal computers of targets of national interest, including but not limited to terrorist 
targets. VALIDATOR is a small Trojan implant used as a back door against a variety of 
targeted Windows systems, which can be deployed remotely or via hands on access to 
any Windows box from Windows 98 through Windows Server 2003. The LP is on-line 
24/7 and tasking is 'queued 5 , that is, jobs sit in a queue waiting for the target to 'call 
home’, then the job(s) are sent one at a time to the target for it to process them. 
Commands are Pitt a file, get a file, Put, then execute a file, get system information, 
change VALIDATOR ID, and Remove itself. VALIDATOR’S are deployed to targeted 
systems and contact their Listening Post (LP) (each VALIDATOR is given a specific 
unique ID, specific IP address to cal! home to it’s LP); SEP! analysts validate the target's 
identity and location (US SID- 18 check), then provide a deployment list to Olympus 
operators to load a more sophisticated Trojan implant (currently OLYMPUS, future 
UNITE DRAKE). An OLYMPUS operator then queue up commands for the specific 
VALIDATOR ID’s given by SEPL Process repeats itself. Once target is hooked with the 
more sophisticated implant, VALIDATOR operators tend to cease. On occasion, 
operators are instructed by SEP! or the SWO to have VA1DATOR delete itself. 
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OLYMPUSF1RE 



OLYMPUSFIRE is an exploitation system that uses a software implant on a 
Microsoft Windows based target PC to gain complete access to the targeted PC. The 
target, when connected to the Internet, will contact a Listening Post (LP) located at an 
NSA/USSS facilities, which is online 24/7, and get its commands automatically. 
These commands include directory listings, retrieving files, performing netmaps, etc. 
The results of the commands are then returned to the LP, where the data is collected 
and forwarded to CE5 and analysis and production elements. 
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